On 2017-09-28, Darren Tucker <dtucker@zip.com.au> wrote:
> On 28 September 2017 at 06:32, mabi <mabi@protonmail.ch> wrote:
>> Thanks for the pointer regarding SNI not being supported in relayd. I will go on and find another solution, probably HAproxy.
>
> For a small number of domains it would probably be feasible to get a
> single certificate with multiple SANs. Letsencrypt at least supports
> this as long as all of the domains map (or can be made to map) to the
> place requesting the certificate.
With the dns-01 challenge type they don't need to be mapped to the same
place at all. Though the normal http-01 challenge requests don't use TLS,
so it should be easy enough to proxy them, even with relayd.
No comments:
Post a Comment